


Approved For Release 2003/1 



!AlRDP84-0078Q^0034000800^ 



DD/S 70-3019 



[illegible] JUL 1970


MEMORANDUM FOR: Director of Security 

SUBJECT : Inspector General's Recommendation Concerning ADP Security


1. There is attached an extract of the memorandum to the Executive
Director-Comptroller in response to the recommendations in the Inspector
General's Survey of OCS involving the Support Directorate. This extract
is the comment on Recommendation No. 9 regarding the Agency's ADP
security effort, the substance of which is based on our conversations and
on the memorandum on this subject you sent to me on 20 July 1970.

2. The measures you have proposed in order to augment the Office
of Security's effort in this field are responsive to the Inspector General's
recommendation. Please take necessary steps in order to implement the
proposed changes. I would be interested in hearing what plans your Office
has to bring about a coordinated Agency program in the area of ADP security.
Attachment

R. L. Bannerman 
Deputy Director 
for Support 
Distribution:


brb (23 July 1970) 


Orig - Adse w/att. 

~~b - DD/S Subject w/att. 

1 - DD/S Chrono w/o att. 

1 - Plans Staff/DD/S w/att. 
1 - ADD/S w/att. 
DD/S 70-2976

JUL 1970

MEMORANDUM FOR: Executive Director-Comptroller


EXTRACT 


"Recommendation No. 9 

That OCS and OS review their ADP security manpower requirements 
and develop measures to insure the secure, compartmented use of the OCS 
time-sharing 360/67 system both for CIA internal needs and for potential 
COINS application. 

Action or Comment 

Members of the Office of Security have discussed security manpower 
requirements and ways of improving the Agency's ADP security effort with 
the Acting Director of Computer Services. Based on this review and on
discussions with the Director of Security, he is prepared to take the following 
measures: 

a. The OS unit concerned with ADP security, which was 
established in October 1969 by reallocation of positions within 
OS, currently has a staff of three professionals and one clerical.
In order to augment the effort, this unit will be expanded by the 
addition of three professional positions, including a GS-14 from the 
Special Security Center and a GS-12 engineer position from the OS 
Technical Division. Additionally, OS and OCS are agreed that it is 
necessary to obtain a professionally trained systems programmer as 
part of this security team; the Director of Security will attempt to 
fill this position at the GS-13 level on a contract basis which is 
being provided for from within the Directorate ceiling. 

b. The OS ADP security unit, which is now a part of the Executive 
Staff, will be transferred to the Physical Security Division where, in 
order to provide proper recognition and authority, the head of the unit 
will be designated as Deputy Chief, Physical Security Division for 
Computer Security. 
c. The Director of Security also plans, starting in this Fiscal Year,
to increase the use of industrial specialists in order to obtain expert
advice on particular ADP security problems and equipments. I propose
to handle the financial adjustments for this increase and the contract
position salary when the OS budget for FY 1971 is finalized.


The Director of Security has also undertaken a review of his responsibilities
in the ADP security field vis-a-vis computer operating and using components.
These responsibilities can be summarized as follows:


a. Developing and publishing uniform security policy and standards 
for maintaining the security of Agency computer and related information 
processing operations; 


b. Directing a coordinated Agency program toward the identification 
and resolution of security problems involved in the use of computers and 
other modern techniques in the processing of official data; 


c. Providing Agency computer components and users guidance 
in the handling of security problems posed by such operations; 


d. Conducting security audits of Agency computer systems used 
for the processing of official data in order to insure uniform application 
of computer security policy and to test and evaluate systems as to their 
security merit; and, 


e. Providing Agency support to computer security efforts within 
the USIB community where the Agency has an assigned responsibility 
or where it is requested to provide assistance. 


The coordinated ADP security program referred to above (b) should 
facilitate bringing together the efforts of the various Agency components with 
problems and interests in this field, including OS, OCS and ORD, as well as 
other computer operating and using elements. 


In sum, I would note that, given the rapid changes in ADP technology 
and the unknowns concerning security in this field, it does not appear that ADP 
security objectives can be attained easily or quickly. The steps outlined above 
should, however, increase and sharpen our ADP security effort and I would
hope to make progress toward the security goals discussed in the Inspector
General's report."